Contents
Title and Copyright Information
Preface
Documentation Accessibility
Conventions
1 Introduction and Roadmap
Document Scope
Document Audience
Guide to this Document
Related Information
Security Samples and Tutorials
Security Examples in the WebLogic Server Distribution
Additional Examples Available for Download
New and Changed Security Features In This Release
2 Overview of the WebLogic Security Service
Introduction to the WebLogic Security Service
Features of the WebLogic Security Service
Oracle Platform Security Services (OPSS)
Balancing Ease of Use and Customizability
New and Changed Features in This Release
3 Security Fundamentals
Auditing
Authentication
Subjects and Principals
Java Authentication and Authorization Service (JAAS)
JAAS LoginModules
JAAS Control Flags
CallbackHandlers
Mutual Authentication
Identity Assertion Providers and LoginModules
Identity Assertion and Tokens
Challenge Identity Assertion
Servlet Authentication Filters
Types of Authentication
Username/Password Authentication
Certificate Authentication
Digest Authentication
Perimeter Authentication
Security Assertion Markup Language (SAML)
SAML Framework Concepts
SAML Components Provided in WebLogic Server
SAML Security Providers
Single Sign-On Services
Web Services Support for SAML Token Profile 1.1
Single Sign-On (SSO)
Web Browsers and HTTP Clients via SAML
Desktop Clients
Authorization
WebLogic Resources
Security Policies
ContextHandlers
Access Decisions
Adjudication
Identity and Trust
Private Keys
Digital Certificates
Certificate Authorities
Certificate Lookup and Validation
Secure Sockets Layer (SSL)
SSL Features
Cipher Suites
SSL Tunneling
One-way/Two-way SSL Authentication
Configuring SSL
Host Name Verification
Trust Managers
FIPS Support
Firewalls
Connection Filters
Perimeter Authentication
Java EE and WebLogic Security
Java EE 6.0 Security Packages
The Java Secure Socket Extension (JSSE)
Java Authentication and Authorization Services (JAAS)
The Java Security Manager
Java Cryptography Architecture and Java Cryptography Extensions (JCE)
Java Authorization Contract for Containers (JACC)
Common Secure Interoperability Version 2 (CSIv2)
4 Security Realms
Introduction to Security Realms
Users
Groups
Security Roles
Security Policies
Security Providers
Security Provider Databases
What Is a Security Provider Database?
Security Realms and Security Provider Databases
Embedded LDAP Server
RDBMS Security Store
Types of Security Providers
Authentication Providers
Identity Assertion Providers
Principal Validation Providers
Authorization Providers
Adjudication Providers
Role Mapping Providers
Auditing Providers
Credential Mapping Providers
Certificate Lookup and Validation Providers
Keystore Providers
Realm Adapter Providers
Security Provider Summary
Security Providers and Security Realms
5 WebLogic Security Service Architecture
WebLogic Security Framework
The Authentication Process
The Identity Assertion Process
The Principal Validation Process
The Authorization Process
The Adjudication Process
The Role Mapping Process
The Auditing Process
The Credential Mapping Process
The Certificate Lookup and Validation Process
Single Sign-On with the WebLogic Security Framework
Single Sign-On with SAML 1.1
WebLogic Server Acting as a SAML 1.1 Source Site
WebLogic Server Acting as a SAML 1.1 Destination Site
Single Sign-On and SAML 2.0
Service Provider Initiated Single Sign-On
Identity Provider Initiated Single Sign-On
Desktop SSO Process
SAML Token Profile Support in WebLogic Web Services
Sender-Vouches Assertions
Holder-of-Key Assertion
The Security Service Provider Interfaces (SSPIs)
WebLogic Security Providers
WebLogic Authentication Provider
Alternative Authentication Providers
Password Validation Provider
WebLogic Identity Assertion Provider
SAML Identity Assertion Provider for SAML 1.1
SAML 2.0 Identity Assertion Provider
Negotiate Identity Assertion Provider
WebLogic Principal Validation Provider
WebLogic Authorization Provider
WebLogic Adjudication Provider
WebLogic Role Mapping Provider
WebLogic Auditing Provider
WebLogic Credential Mapping Provider
SAML Credential Mapping Provider for SAML 1.1
SAML 2.0 Credential Mapping Provider
PKI Credential Mapping Provider
WebLogic CertPath Provider
Certificate Registry
Versionable Application Provider
WebLogic Keystore Provider
WebLogic Realm Adapter Providers
Glossary